aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorCedric BAIL <c.bail@partner.samsung.com>2014-07-14 15:59:06 +0200
committerCedric BAIL <c.bail@partner.samsung.com>2014-07-14 16:05:35 +0200
commit31ff4aa86a3331160e34c582f3c2507d1c1a90b5 (patch)
tree7b70098cd35e2798fe74ba74c66f4d88b4bddac0
parentrelease: Update NEWS and bump version for 1.10.2 release (diff)
downloadefl-31ff4aa86a3331160e34c582f3c2507d1c1a90b5.tar.gz
lz4: fix another security issue on ARM 32bits.v1.10.2
-rw-r--r--src/static_libs/lz4/lz4.c9
1 files changed, 6 insertions, 3 deletions
diff --git a/src/static_libs/lz4/lz4.c b/src/static_libs/lz4/lz4.c
index a1475dc9a9..482a8ede33 100644
--- a/src/static_libs/lz4/lz4.c
+++ b/src/static_libs/lz4/lz4.c
@@ -922,7 +922,9 @@ FORCE_INLINE int LZ4_decompress_generic(
length += s;
}
while (likely((endOnInput)?ip<iend-RUN_MASK:1) && (s==255));
- if ((sizeof(void*)==4) && unlikely(length>LZ4_MAX_INPUT_SIZE)) goto _output_error; /* overflow detection */
+ //if ((sizeof(void*)==4) && unlikely(length>LZ4_MAX_INPUT_SIZE)) goto _output_error; /* overflow detection */
+ if ((sizeof(void*)==4) && unlikely((size_t)(op+length)<(size_t)(op))) goto _output_error; /* quickfix issue 134 */
+ if ((endOnInput) && (sizeof(void*)==4) && unlikely((size_t)(ip+length)<(size_t)(ip))) goto _output_error; /* quickfix issue 134 */
}
/* copy literals */
@@ -957,11 +959,12 @@ FORCE_INLINE int LZ4_decompress_generic(
unsigned s;
do
{
- if (endOnInput && (ip > iend-LASTLITERALS)) goto _output_error;
+ if ((endOnInput) && (ip > iend-LASTLITERALS)) goto _output_error;
s = *ip++;
length += s;
} while (s==255);
- if ((sizeof(void*)==4) && unlikely(length>LZ4_MAX_INPUT_SIZE)) goto _output_error; /* overflow detection */
+ //if ((sizeof(void*)==4) && unlikely(length>LZ4_MAX_INPUT_SIZE)) goto _output_error; /* overflow detection */
+ if ((sizeof(void*)==4) && unlikely((size_t)(op+length)<(size_t)op)) goto _output_error; /* quickfix issue 134 */
}
/* check external dictionary */